WordPress 2.6.5 Update Deals With XSS Vulnerability

A fresh new WordPress update comes to knock out a cross-site scripting (XSS) flaw.

According to a WordPress announcement, the issue in question should not alarm WP blogers, unless several conditions are met:

“The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.”

WordPress released version 2.6.5 directly after 2.6.3. There never was nor will be an officiall WordPress 2.6.4. The only “version” bearing this name is a fake package released by some nice people, better-known as “hackers”. So just try to avoid such a version, were it to come your way.